General

  • Target

    Sًolara (solara).zip

  • Size

    57.4MB

  • Sample

    240924-h6mt9avhnl

  • MD5

    f7b5e7b48233a00d95db46ab8fd288e0

  • SHA1

    d3fd89134630c5b68fae261a31d7c4d09ae3a42b

  • SHA256

    9219fc77d57606ceb9b764f0edbabfd8cb6a9b6d1e24e1b32ffc6e059f4fa0d1

  • SHA512

    f75de9b81f9b99ca1adde708c23cb1a457291a713893bd78baa31aa4e189396272452ff5cd8101c362b23fd2a8473d916604526f60b7158b51d6c1f96b379c8e

  • SSDEEP

    786432:D+Mp0V8HZOLNf7riTFsMCz6YmxbSsFRIOZmoTE1GUCp7Fvg5CH6R/4TCLO+J9HvH:b6V8El7u5bYmxbXZ9446Nvh6/9dpOT

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Targets

    • Target

      Solara/Solara.exe

    • Size

      310KB

    • MD5

      1e181be6e908e79fee9731a069aaabee

    • SHA1

      29380123f713099837cde30d3f29346cf2d7912e

    • SHA256

      cbe50981fad560cd0b69085df56181bacecb067458d5f4c531c4e6c5942f8d51

    • SHA512

      2ad0db04847aa0bbbf48b0bd26866baa3bc53a86d37f621c3a6b33fa115965a15c6f5d8536676bc7afa1b58785fe5728b19b4c95372432dba66e5e70f1c42f4c

    • SSDEEP

      6144:7bKDUycO672Zl2Iik4BD2N2oGEq7GmbLvrp1VDs:7bKgc675JJoq7GmbXp1VD

    • RedLine

      RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    • RedLine payload

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks